Starbucks App Falls Prey to Hackers

As reported by CNN Money and confirmed by Starbucks, criminals have been breaking into individual customer rewards accounts. The Starbucks app lets you pay at checkout with your phone. It can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal.
According the CNN Money article, hackers break into a victim's Starbucks account online, add a new gift card, transfer funds over -- and repeat the process every time the original card reloads.
Starbucks customers interviewed by CNN Money revealed their recent experiences with the hackers. One Texas customer had paid at Starbucks with his phone app when he received a string of alerts on his phone. PayPal repeatedly notified him that his Starbucks card was being automatically reloaded with $50. He then received an email from Starbucks thanking him for his eGift which was followed by ten more just like it.
Starbucks told CNNMoney the company has not been hacked, and it didn't lose customer data. The company said these account takeovers are likely due to weak customer passwords. Starbucks suggested that customers use unique, strong passwords.
Starbucks posted a release to its website, stating:
Starbucks takes the obligation to protect customers’ information seriously. News reports that the Starbucks mobile app has been hacked are false.
Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions. To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously.
Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.
If a customer believes their account has been subject to fraudulent activity, they are encouraged to contact both Starbucks and their financial institution immediately. Customers are not responsible for charges or transfers they did not make. If a customer’s Starbucks Card is registered, their account balance is protected.
For additional security, Starbucks encourages customers to employ several best practices to ensure information is as protected as possible, such as:
Creating passwords made up of long phrases or sentences that mix capital and lowercase letters, numbers, and symbols.
Using different passwords for different sites, especially those that keep financial information.
Changing passwords often.
Lost or Stolen Device
If a customer believes their device has been lost or stolen, immediately change passwords for financial and personal accounts to prevent any identity theft or fraud.
Stay Alert
Regularly review bank statements for suspicious activity. If something is in error, immediately report that to your financial institution.
If you see any suspicious activity on your Starbucks Card or mobile app, please immediately notify Starbucks customer service at 1-800-STARBUC.
This ad will auto-close in 10 seconds